// 带凭证的跨域请求
fetch('https://your-domain.com/data', {
  method: 'GET',
  credentials: 'include',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': `Bearer ${token}`
  }
})
.then(response => {
  console.log('Allowed Headers:',
    response.headers.get('Access-Control-Allow-Headers'));
});
